krb5+Ubuntu (maverick, jaunty (LTS))+ssh
Brian Candler
B.Candler at pobox.com
Sat Nov 20 03:58:29 EST 2010
On Fri, Nov 19, 2010 at 02:03:09PM +0100, Thomas Schweikle wrote:
> I can log in from maverick to maverick machines. No problem.
> kerberos does what it is expected to do.
>
> I can't log in from any jaunty (10.04.1 LTS) machine to any other
> machine using kerberos. I am handled a session key, but
> authenticating against any of the jaunty-machines fails. ssh falls
> back to password authentication.
Sorry to state the obvious, but have you set
Host *
...
GSSAPIAuthentication yes
in /etc/ssh/ssh_config ?
What does ssh -v <host> show when you try to connect?
> The kerberos server on jaunty seems to work as expected, but the
> client and GSSAPI seems badly broken.
10.04.1 LTS isn't Jaunty, it's Lucid. "cat /etc/lsb-release" to see what you
have.
I have a Lucid client which can quite happily kinit to Active Directory, and
ssh to RedHat machines using its Kerberos ticket.
Regards,
Brian.
More information about the Kerberos
mailing list